Top 308 infosec open source projects

Personal security checklist for securing your devices and accounts.

Dashboard to collect, analyze, and respond to reported phishing emails.

Credsleaker allows an attacker to craft a highly convincing credentials prompt using Windows Security, validate it against the DC and in turn leak it via an HTTP request.

KeyDecoder app lets you use your smartphone or tablet to decode your mechanical keys in seconds.

A Blazing fast Security Auditing tool for Kubernetes

Cameradar hacks its way into RTSP videosurveillance cameras

An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap.

分布式资产安全扫描核心管理系统(弱口令扫描，漏洞扫描)

Ronin is a Ruby platform for vulnerability research and exploit development. Ronin allows for the rapid development and distribution of code, Exploits or Payloads, Scanners, etc, via Repositories.

An OSINT tool to find contacts in order to report security vulnerabilities.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

A collection of all the data i could extract from 1 billion leaked credentials from internet.

OSINT Project

Anti-keylogger/anti-rat application for Windows

Hawkeye filesystem analysis tool

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️

Decode All Bases - Base Scheme Decoder

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

A medium interaction printer honeypot 🍯

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

Yar is a tool for plunderin' organizations, users and/or repositories.

🔐 Security advisories as a simple composer exclusion list, updated daily

🔐 Docker Container for Penetration Testing & Security

Open source Android, iOS and Web app for learning about and managing digital and physical security. From how to send a secure message to dealing with a kidnap. Umbrella has best practice guides in over 40 topics in multiple languages. Used daily by people working in high risk countries - journalists, activists, diplomats, business travelers etc.

Find cloud assets that no one wants exposed 🔎 ☁️

🔓 A dynamic dictionary merger for successful dictionary based attacks.

Exploit Development, Reverse Engineering & Cryptography

Notes Taken for HTB Machines & InfoSec Community.

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Agile Threat Modeling Toolkit

OWASP Honeypot, Automated Deception Framework.

Monitoring your Slack workspaces for sensitive information

A python script that finds endpoints in JavaScript files

Find leaked emails with your passwords

Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.

Tool made to automate tasks of pentesting.

Repo replaced by cogsec-collaborative/AMITT

Offensive tools as Dockerfiles. Lightweight & Ready to go

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

A vulnerable iOS App with Security Challenges for the Security Researcher inside you.

Windows one line commands that make life easier, shortcuts and command line fu.

PyIris-backdoor is a modular, stealthy and flexible remote-access-toolkit written completely in python used to command and control other systems. It is now in the beta stage, possibly perpetually. There are bugs still present in the framework, feel free to contribute or help me out with this project its still under active development >_>

Detect silent (unwanted) changes to files on your system

A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.

Wireshark Cheat Sheet

jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.

A Bind9 server for pentesters to use for Out-of-Band vulnerabilities

Monitoring GitLab for sensitive data shared publicly

internet monitoring osint telegram bot for windows

A tool to hunt for publicly accessible DigitalOcean Spaces

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

A permutation generation tool written in golang

💻🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.

📡 A python program to create a fake AP and sniff data.

Python script to hunt phishing kits